From: Bob T. <bt...@us...> - 2004-01-27 07:47:44
Update of /cvsroot/benson/benson3/handlers In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv28927/handlers Modified Files: A10email.pm Log Message: A really new and improved A10email handler. Index: A10email.pm =================================================================== RCS file: /cvsroot/benson/benson3/handlers/A10email.pm,v retrieving revision 1.7 retrieving revision 1.8 diff -C2 -r1.7 -r1.8 *** A10email.pm 25 Jan 2004 17:36:05 -0000 1.7 --- A10email.pm 27 Jan 2004 07:46:44 -0000 1.8 *************** *** 5,19 **** use POSIX; ! sub parse_file { ! my ($self, $filename, $t, $list, $emails) = @_; ! my $s = $t->server; my $identity = $t->identity; ! my %alertlist = %{$list}; ! $s->trace("($identity) A10email opening $filename...",3); ! open CONFIG, $filename || return -1; while(<CONFIG>) { my $line = $_; if($line =~ m/^#/ || $line =~ m/^\s/) { --- 5,75 ---- use POSIX; ! sub match_total_count { ! my ($self, $total, $count) = @_; ! if($count eq ".*") { ! return 1; ! } ! ! if($total == $count) { ! return 1; ! } ! ! return 0; ! } ! ! sub parse_legacy_alias { ! my ($self, $alias) = @_; ! my ($protocol, $parameter) = split /:/, $alias, 2; ! ! my %hash; ! ! if($protocol eq "file") { ! $hash{protocol} = "legacy_file"; ! $hash{parameter} = $parameter; ! } elsif($protocol eq "email") { ! $hash{protocol} = "email"; ! $hash{parameter} = $parameter; ! } else { ! $hash{protocol} = "email"; ! $hash{parameter} = $alias; ! } ! return \%hash; ! } ! ! sub parse_legacy_line { ! my ($self, $line_count, $line) = @_; ! ! my ($pass,$agent,$severity,$subsystem,$message,$count,$alias) = ! split /\s+/, $line, 7; ! ! my %hash; ! ! $hash{line_count} = $line_count; ! $hash{pass} = $pass; ! push @{$hash{agents}}, $agent; ! push @{$hash{severity}}, $severity; ! push @{$hash{subsystem}}, $subsystem; ! push @{$hash{message}}, $message; ! $hash{count} = $count; ! $hash{action} = $self->parse_legacy_alias($alias); ! ! return \%hash; ! } ! ! sub parse_legacy_file { ! 
my ($self, $filename, $t) = @_; ! ! my $line_count = 0; ! my @rules; my $identity = $t->identity; ! my $s = $t->server; ! $s->trace("M ($identity) A10email opening $filename...", 3); ! ! open CONFIG, $filename or return -1; while(<CONFIG>) { + $line_count++; my $line = $_; if($line =~ m/^#/ || $line =~ m/^\s/) { *************** *** 22,84 **** $line =~ s/\*/\.\*/g; chop $line; ! my ($pass,$agent,$severity,$subsystem,$message,$count,$alias) = ! split /\s+/, $line, 7; ! my $key = join ":", ($t->agent, $t->severity, $t->subsystem, $t->message); ! my $total = $#{$alertlist{$key}->{sub_alerts}} + 1; ! if(($t->agent =~ m/$agent/) && ! ($t->severity =~ m/$severity/) && ! ($t->subsystem =~ m/$subsystem/) && ! ($t->message =~ m/$message/) && ($total == $count)) { ! $s->trace("($identity) Matched for $alias",4); ! my ($protocol, $parameter) = split /:/, $alias, 2; ! if($protocol eq "file") { ! if($self->parse_file($parameter, $t, $emails) == -1) { ! $s->log("($identity) File $parameter not found!", WARNING); } ! } elsif($protocol eq "email") { ! $emails->{$parameter} = 1; ! } else { ! $emails->{$alias} = 1; } ! ! if($pass eq "+") { ! last; } } } - close CONFIG; ! return 0; } sub handler { ! my ($self,$t) = @_; my $s = $t->server; ! my $queue = new Benson(); my $identity = $t->identity; my $alertlist = $queue->sorted_href_alert_list(); ! $s->trace("($identity) A10email action handler begins...",3); my $filename = $s->ServerRoot."/etc/email.conf"; ! my %emails; # ! # Populate hash of emails # ! if($self->parse_file($filename, $t, $alertlist, \%emails) == -1) { ! $s->log("($identity) File $filename not found!", FATAL); } # # Send emails to hash list # ! foreach my $email (keys %emails) { ! $s->trace("($identity) Sending alert($identity) email to $email", 3); ! $self->send_email($email, $t); ! $queue->submit(severity => "informational", ! subsystem => "A10email", ! 
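Review bot: `open CONFIG, $filename or return -1;` in parse_legacy_file is still a two-argument open on a bareword handle, and the next hunk passes it a name taken from the `file:` parameter of a rule line, so mode characters at the start or end of that value are interpreted by open instead of being treated as part of the path. The three-argument form with a lexical handle, `open my $fh, '<', $filename or return -1;`, reads the name literally and stops the handle being shared if the parser is ever re-entered. The function returns -1 on failure and an array reference on success, so every caller must compare before dereferencing; a bare `return;` with a `defined` test at the call sites would be harder to misuse. parse_legacy_file's body continues past the end of this hunk.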
message => "Email for $identity sent to $email"); } --- 78,289 ---- $line =~ s/\*/\.\*/g; chop $line; + push @rules, $self->parse_legacy_line($line_count, $line); + } + close CONFIG; + + return \@rules; + } ! sub process_rules_files { ! my ($self, $t, $rule_files) = @_; ! ! my $identity = $t->identity; ! my $s = $t->server; ! my $not_done = 1; ! ! # ! # Goal is to process all files, but only once. ! # ! while($not_done) { ! $not_done = 0; ! foreach my $file_key (keys %{$rule_files}) { ! ! # ! # Don't read processed files, again. ! # ! if($rule_files->{$file_key}->{processed} != 0) { ! next; ! } ! ! # ! # Parse the rules looking for more files to parse. ! # ! my $number_of_rules = 0; ! foreach my $rule (@{$rule_files->{$file_key}->{rules}}) { ! $number_of_rules++; ! # ! # If the rule is for a legacy_file read that. ! # ! if ($rule->{action}->{protocol} eq "legacy_file") { ! my $legacy_filename = $rule->{action}->{parameter}; ! ! # ! # If we're reading that file already, skip it. ! # ! if($legacy_filename eq $file_key) { ! next; ! } ! ! # ! # If we've already read that file, skip it. ! # ! if($rule_files->{$legacy_filename}->{processed} != 0) { ! next; ! } ! ! my %hash; ! if(($rules = $self->parse_legacy_file($legacy_filename, $t)) == -1) { ! # ! # If we can't even find the file, mark as bad. ! # ! $hash{processed} = -1; ! $s->log("M ($identity) File $legacy_filename not found", WARNING); ! } else { ! # ! # Everything is good, mark as unprocessed. ! # ! $hash{processed} = 0; } ! $hash{rules} = $rules; ! $rule_files->{$legacy_filename} = \%hash; ! $not_done = 1; } ! } ! $s->trace("M ($identity) $file_key read $number_of_rules rules.", 3); ! $rule_files->{$file_key}->{processed} = 1; ! } ! } ! return 0; ! } ! ! sub process_trap { ! my ($self, $t, $rule_files, $list, $filename) = @_; ! ! my $identity = $t->identity; ! my $s = $t->server; ! my %alertlist = %{$list}; ! my $key = join ":", ($t->agent, $t->severity, $t->subsystem, $t->message); ! 
my $total = $#{$alertlist{$key}->{sub_alerts}} + 1; ! my $emails; ! ! if($rule_files->{$filename}->{processed} != 1) { ! return -1; ! } ! ! foreach my $rule (@{$rule_files->{$filename}->{rules}}) { ! ! my $agent_found = 0; ! my $line_count = $rule->{line_count}; ! foreach my $agents (@{$rule->{agents}}) { ! if($t->agent =~ m/$agents/) { ! $s->trace("M ($identity) Line $line_count matched agent=$agents", 4); ! $agent_found = 1; ! } ! } ! ! my $severity_found = 0; ! foreach my $severity (@{$rule->{severity}}) { ! if($t->severity =~ m/$severity/) { ! $s->trace("M ($identity) Line $line_count matched severity=$severity", 4); ! $severity_found = 1; ! } ! } ! ! my $subsystem_found = 0; ! foreach my $subsystem (@{$rule->{subsystem}}) { ! if($t->subsystem =~ m/$subsystem/) { ! $s->trace("M ($identity) Line $line_count matched subsystem=$subsystem", 4); ! $subsystem_found = 1; ! } ! } ! ! my $message_found = 0; ! foreach my $message (@{$rule->{message}}) { ! if($t->message =~ m/$message/) { ! $s->trace("M ($identity) Line $line_count matched message=$message", 4); ! $message_found = 1; ! } ! } ! ! if($agent_found && $severity_found && ! $subsystem_found && $message_found && ! $self->match_total_count($total, $rule->{count})) { ! $s->trace("C ($identity) matched on $filename:$line_count", 4); ! $s->trace("C ($identity) action is ".$rule->{action}->{protocol}.":".$rule->{action}->{parameter}, 4); ! ! if($rule->{action}->{protocol} eq "legacy_file") { ! my $rc; ! if(($rc = $self->process_trap($t, $rule_files, $list, $rule->{action}->{parameter})) == -1) { ! $s->trace("M ($identity) rules for ".$rule->{action}->{parameter}." not found", 4); ! } ! foreach my $email (keys %{$rc}) { ! 
$emails->{$email} = 1; } + } elsif($protocol eq "email") { + $emails->{$rule->{action}->{parameter}} = 1; + } else { + $emails->{$rule->{action}->{parameter}} = 1; + } + + if($rule->{pass} eq "+") { + last; + } + } else { + my $total_matched = $agent_found + $severity_found + $subsystem_found + + $message_found + $self->match_total_count($total, $rule->{count}); + $s->trace("C ($identity) did not match ($total_matched/5) on $filename:$line_count", 4); } } ! return $emails; } sub handler { ! my ($self, $t) = @_; my $s = $t->server; ! my $queue = new Benson; my $identity = $t->identity; + my %rule_files; + my $alertlist = $queue->sorted_href_alert_list(); ! $s->trace("M ($identity) A10email action handler begins...",3); my $filename = $s->ServerRoot."/etc/email.conf"; ! # ! # Populate a list of rules. (prime the pump) # ! if(($rules = $self->parse_legacy_file($filename, $t)) == -1) { ! $s->log("M ($identity) File $filename not found!", FATAL); } # + # Populate first rule file + # + my %hash; + $hash{rules} = $rules; + $hash{processed} = 0; + $rule_files{$filename} = \%hash; + + # + # Process the rest of the files. + # + my $rc = $self->process_rules_files($t, \%rule_files); + + $s->trace("T ($identity) agent=".$t->agent." severity=".$t->severity." subsystem=".$t->subsystem." message=".$t->message, 4); + + # + # Pass the trap through the rule set + # + my $emails = $self->process_trap($t, \%rule_files, $alertlist, $filename); + + # # Send emails to hash list # ! foreach my $email (keys %{$emails}) { ! $s->trace("M ($identity) Sending alert email to $email", 3); ! 
# $self->send_email($email, $t); } *************** *** 86,99 **** } - sub match_alert { - my ($self, $t, $key) = @_; - my ($agent, $severity, $subsystem, $message) = split /\:/, $key, 4; - if(($t->agent =~ m/$agent/) && - ($t->severity =~ m/$severity/) && - ($t->subsystem =~ m/$subsystem/) && - ($t->message =~ m/$message/)) { return 1; } - return 0; - } - sub send_email { my ($self,$alias,$t) = @_; --- 291,294 ---- *************** *** 105,109 **** my $subject = $t->agent.":".$t->severity.":".$t->subsystem.":".$t->message; my $message = $t->message; ! $t->server->log("($identity) Sending an email to $alias", INFO); open MAIL, "| /usr/lib/sendmail -t -n"; print MAIL <<EOT; --- 300,304 ---- my $subject = $t->agent.":".$t->severity.":".$t->subsystem.":".$t->message; my $message = $t->message; ! $t->server->log("M ($identity) Sending an email to $alias", INFO); open MAIL, "| /usr/lib/sendmail -t -n"; print MAIL <<EOT; |
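Review bot: process_trap recurses into every matching `legacy_file` rule without tracking which files are already on the call path, so a rule file whose `file:` action names itself, or a file that points back to it, recurses without bound; process_rules_files only prevents re-reading a file, not re-entering it. Threading a seen-set through the call, for example `return {} if $seen->{$filename}++;` at the top of process_trap, would bound it. The -1 sentinel is also dereferenced: `keys %{$rc}` runs even after the recursive call returned -1, handler does `keys %{$emails}` on the same return value, and as far as the hunk shows handler continues after the FATAL log and stores the failed `$rules` as the rule list. In process_trap, `elsif($protocol eq "email")` reads a variable the function never declares, and `$rules` is assigned without `my` in both process_rules_files and handler. In handler, `$self->send_email($email, $t);` is commented out while the trace still reports the email as being sent, so unless that is deliberate no alert is delivered.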
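Review bot: The `open MAIL, "| /usr/lib/sendmail -t -n";` next to the changed log line is unchecked, so a failed pipe is still logged as a sent email; testing the return value and logging `$!` before returning would make the failure visible. Because `-t` makes sendmail take recipients from the message headers, `$alias` and `$subject` (built from the trap's agent, severity, subsystem and message fields) should have CR and LF stripped before they reach the heredoc, e.g. `$subject =~ tr/\r\n//d;`. This assumes the heredoc places them in header lines, which cannot be confirmed because its body is outside this hunk. send_email starts before and ends after the lines shown.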